IT Security

App hack

by Mark Rowe

Recent tests by an app security company have suggested that the Infosecurity Europe 2016 app, for the upcoming information security conference and exhibition in London in June, can be hacked through straightforward infiltration methods.

While this particular vulnerability does not put sensitive data at risk, it should serve as motivation for companies that do hold important personal information to assess their app security and stamp out any glaring or lingering weaknesses, says Promon.

A video demonstrates how the app can be compromised through the use of widely available hacking tools, by changing the text of the ‘Messages’ section to ‘Rabbits’.

While this test was done without malicious intentions, it should serve as a wake-up call for attendees at the conference and for app providers in general, who should all look towards shoring up their app security to keep sensitive data safe, says Promon.

Tom Lysemose Hansen, founder and CTO of Promon, said: “Our test was devised as a simple way of showing how savvy hackers can make a rapid and significant impact on an app which does not employ the most advanced proactive security measures. In the case of the Infosecurity app, little sensitive user data is at risk, but if, for example, a bank had neglected to build adequate protection around its app, it would effectively be presenting an open goal to cybercriminals.”

Hansen believes that banks and other app providers should conduct in-depth assessments of their apps' security and take proactive steps to plug any holes, given the evolving threat landscape and an ever-growing community of skilled cybercriminals. His company argues that traditional security systems such as antivirus, antispam and antimalware are outdated and no longer able to protect companies and users.

Hansen added: “The fact that an app built for a security conference contains security flaws is indicative of a need for the wider mobile app community to take a hard look at just how watertight their apps really are. Having customer data compromised through an insecure app could have catastrophic financial and reputational consequences for an organisation. Taking a reactive approach to data breaches and relying on blacklist security is tantamount to locking the stable door after the horse has bolted. Embracing whitelist security solutions – namely taking proactive steps to enhance app security from the inside out – is the most effective step to take here. The Infosecurity app’s vulnerabilities should be a wake-up call to all app developers: find any flaws as a matter of urgency, and eliminate them before they become the cause of a major problem.”

Visit: http://www.promon.co.


© 2024 Professional Security Magazine. All rights reserved.
